Measures to counter unsolicited commercial communications ("spam")
Unsolicited commercial communications by e-mail, otherwise known as 'spam' have reached worrying proportions. This phenomenon is now one of the greatest challenges to the Internet. In this context, this Communication identifies a series of actions to complement the existing rules against spam. The aim is to make the ban on spam as effective as possible.
Communication from the Commission of 22 January 2004 on unsolicited commercial communications or 'spam' [COM(2004) 28 final - not published in the Official Journal].
EXTENT OF THE PROBLEM
In just a few years, spam has become a problem of worrying proportions. More than 50 percent of global e-mail traffic is now estimated to be spam. What is even more worrying is the rate of growth: in 2001 the proportion of spam was around 7 percent.
Spam is a problem for many reasons:
- invasion of privacy;
- frequently misleading or deceptive;
- shocking pornographic content;
- loss of time (emptying e-mailboxes) and financial cost to the user (purchase of filtering software);
- the considerable cost to businesses: IT departments spend an increasing amount of time and money trying to address this problem. The time used to empty e-mailboxes also reduces efficiency and productivity. There are also indirect costs: some legitimate commercial or business e-mails are not delivered due to current anti-spam filtering techniques. It has been estimated that, in 2002, spam cost European companies EUR 2.5 billion in terms of lost productivity alone.
EXISTING LEGISLATIVE INSTRUMENTS
The 2002 Directive on privacy and electronic communications prohibits the sending of unsolicited commercial mail (by e-mail, SMS or MMS) without the prior consent of the subscriber to such electronic communications services ("opt-in" principle). Implementing this measure is a necessary first step. However, a series of further actions will be needed to complement the Directive and make the "ban on spam" a reality.
This Communication therefore proposes different types of action:
- action to be taken by governments and public authorities in areas such as remedies and penalties, complaints mechanisms, cross-border complaints, cooperation with third countries and monitoring;
- technical and self-regulatory action by market players;
- consumer awareness-raising.
Effective implementation and enforcement by Member States and public authorities
Effective application of the opt-in principle must be a priority in all Member States. This will involve the provision of monitoring tools and adequate application mechanisms, including cross-border mechanisms. Cooperation with non-EU countries is also essential.
Effective remedies and penalties
Administrative sanctions seem to be more appropriate than judicial remedies for tackling the problem of unsolicited commercial communications. They are both affordable and quick.
The Commission proposes that Member States take the following action:
- complete the transposition of the Directive on privacy and electronic communications, in particular the provisions on unsolicited communications;
- assess the effectiveness of their systems of remedies and penalties for infringements and make sure victims have the possibility to claim damages;
- Member States and competent authorities that do not have administrative remedies should consider the creation of such remedies to enforce the new rules.
Effective enforcement of the existing rules necessitates adequate complaint mechanisms. In this context, the creation of dedicated e-mailboxes for receiving complaints about spam ("spam boxes") is an interesting approach. One advantage of this type of initiative is that it seems to encourage consumers to report infringements, helping to improve law enforcement. They also make it possible to monitor and measure the scale and scope of spam.
Member States are encouraged to:
- assess the effectiveness of their legal systems to cope with user complaints and make adjustments if needed;
- establish adequate complaint mechanisms, including dedicated e-mailboxes for users to complain about spam.
Cross-border complaints and cooperation on enforcement inside the EU
It is essential that cross-border complaints are dealt with effectively if consumers are to be properly protected. It is also very important for the national complaints mechanisms to be linked to ensure that complaints from users in one Member State regarding messages originating in another Member State are dealt with effectively. At present not all Member States have a formal procedure to deal with cross-border complaints.
The Member States are invited to:
- assess the effectiveness of their procedures for dealing with cross-border complaints;
- examine any existing barriers to information exchange and cooperation;
- use an existing liaison mechanism - or create one - by which national authorities can cooperate in pursuit of cross-border enforcement inside the EU.
Cooperation with third countries
Effective enforcement of the rules with regard to messages originating in third countries is vital as a large proportion of spam comes from outside the EU. The first objective of international cooperation is to promote the adoption of appropriate legislation in third countries. The second objective is to ensure the effective enforcement of the applicable rules.
The Commission calls upon the Member States to:
- take an active role in forums such as the Organisation for Economic Cooperation and Development (OECD) which is working to address the problem of spam;
- engage in or reinforce bilateral cooperation with third countries, and with the private sector (in particular ISPs and ESPs), in order to trace back spammers.
TECHNICAL AND SELF-REGULATORY ACTION FOR INDUSTRY
Self-regulatory action concerns market players in particular. The measures relate to areas such as contractual arrangements, codes of conduct, acceptable marketing practices, labels, alternative dispute resolution mechanisms and technical solutions such as filtering and server security.
Effective application of the "opt-in" regime
The industry must turn the opt-in regime into an everyday business practice. Industry self-regulation, or indeed co-regulation, should be promoted in areas where legislation may not be sufficient. Contracts can be particularly useful in the fight against spam, subject to safeguards with respect to individual rights. Many Internet service providers (ISPs) and e-mail service providers (ESPs) already include obligations in contracts with their customers prohibiting the use of their services for sending spam.
The following actions are planned:
- the industry must assess the extent to which its existing contracts are compatible with the new rules and, if not, adapt them accordingly;
- direct marketeers are invited to adapt their practices to the opt-in regime, in particular by agreeing on specific, lawful methods of collecting personal data;
- effective codes of practice which comply with the "opt-in" regime must be developed and disseminated;
- tools such as labels ("trustmarks" or "webseals") could be used for e-mail messages and databases which comply with the "opt-in" regime.
Alternative dispute resolution (ADR) mechanisms
An out-of-court redress mechanism may be a useful means of dealing with disputes in relation to on-line transactions and communications. The Commission therefore recommends the use (or creation, if necessary) of self-regulatory complaints mechanisms, building on existing initiatives (such as the European Extra-Judicial Network EEJ-NET.
Different filtering tools are used to counter spam on the technical front. However, not all filtering techniques offer the same level of user control, or the same guarantees of data protection and privacy. The techniques may also cause efficiency problems by blocking some legitimate e-mail ("false positives") or allowing spam to get through ("false negatives").
Filtering software providers are invited to:
- ensure that their filtering systems are compatible with the opt-in regime;
- take into account the consequences for users of "false positives", "false negatives", certain forms of content-based filtering, and the possible associated liability issues;
- cooperate with interested parties to develop ways of recognising those marketing e-mails which comply with accepted marketing practices, for example using labels, etc.;
- offer filtering facilities or services to their customers as an option available on request, as well as information on third party products.
All those concerned (Member States and competent authorities, consumer and/or user associations, the industry, etc.) should be actively involved in prevention, consumer awareness-raising and dealing with complaints.
In their awareness campaigns the parties concerned should provide basic information on the new rules and on the rights of industry and consumers under those rules; information on acceptable marketing practices under the opt-in regime; and information on the products and services available to avoid spam and on practical steps to take when confronted with spam (complaints mechanisms and ADR systems). They should also refer to effective industry codes of conduct.
Action proposed by the Commission
The Commission will monitor the actions proposed in this Communication and will assess - by the end of 2004 - the need for any supplementary action. The Commission departments have also created an informal group to facilitate work on the effective enforcement of the 2002 Directive on privacy and electronic communications, as well as the other actions identified in the Communication. The Commission also supports the launch of Europe-wide on-line codes of conduct for direct marketing,
The Commission supports projects to deal with spam in the context of the Safer Internet programme.
Further information on European policy to combat spam can be found here.